Making Photos Private

January 27th, 2006 12:22 AM

After seeing Libby mention my photo privacy code (via Danny) on #swig, I thought I’d better write it up. So I’ve just made public a feature on this website I’ve been playing with for several months. After discussion privacy issues at ISWC with Libby and Bijan, I added support on the photo pages for marking individual photos as private. The idea here is that if you’re in a photo, you have the option of taking it offline.

Here’s what’s going on:

The photos on this site are all annotated using RDF to describe, among other things, the people depicted in the photo. Whenever possible, the RDF describing people includes an Inverse Functional Property, most often the foaf:mbox_sha1sum property based on an email address. This allows the photo annotations to uniquely identify people without exposing their email address.

To make a photo private, you must first log in via TypeKey. TypeKey provides a centralized identity system — the service handles the authentication and returns to my site a username and the either the (verified) email address of the account, or (conveniently) the SHA1 sum of the email address.

Using these two sources of (possibly hashed) email addresses, it’s a simple matter to determine if the user is listed as being depicted in the photo. In the case that the user is depicted in the photo, the site presents them with the option of marking the photo as public or private. This operation generates RDF similar to this:





<foaf:Image rdf:about=”/pictures/2005/20050115-Maine_Winterfest/images/DSC_7644.jpg”>



            <priv:permission rdf:resource=””/>

            <foaf:maker rdf:resource=””/>





The front-end photo gallery code then checks for the presence of any priv:hasPolicy predicates attached to the Image, looking for any marking the image as private.

There are still some issues with the current implementation. For one, the private images aren’t really private yet. They’re just hidden in the photo gallery view, preventing casual browsing. At this point, the image is still visible directly and on the (still-static) people and things pages. I hope to be moving those pages over to dynamic, privacy-respecting code soon.

I’d be interested in formalizing the RDF modeling of this approach to privacy, and seeing it used in more systems than just mine. In particular, I’m interested in more elaborate modeling than just a binary public/private distinction. For example, marking an image as only viewable by members of a foaf:Group.


Thanks Gregory, interesting and useful. The TypeKey hook is very nifty.

I’ve been playing around a little with access control on foaf:Groups myself, but haven’t got anything useful to show yet :-(

Posted by: Danny Ayers on January 27th, 2006 9:28 AM

ah, so that’s how you’re implementing it. very cool :) one minor nitpick though: the email address i have registered with typekey is of the “gary+typekey@” variety. it sounds like this would then prevent me from being able to mark photos as private.

more generally, i can imagine that many people might give out a more “spam-friendly” email address to a site like typekey, whereas your rdf for that person would probably contain a more personal email address.

Posted by: gary on January 27th, 2006 5:58 PM

Yeah, using a seperate email address is a problem. You can use your main email address with TypeKey and have them never give it out to other sites (instead using the SHA1 sum), but I understand that this is an open issue. My solution at this point is to have people email me if this happens, and I’ll add their spam-friendly email address to my RDF store so that they’ll be able to log in with it.

Posted by: kasei on January 27th, 2006 6:32 PM

Greg, your photo gallery overall is very nice. What software are you using for it? I’d be interested in experimenting with it for my photos.

Posted by: Dave Brondsema on January 27th, 2006 8:41 PM


The photo gallery is run by a custom framework of perl code, backed by a Redland/MySQL RDF store. I’d be happy to make the code available, but at the moment it’s a pretty loose collection of scripts that have accumulated over the years.

Posted by: kasei on January 28th, 2006 8:35 PM